The Cybersecurity and Infrastructure Security Agency (CISA)—long regarded as the country’s first line of defense against cyber threats—is facing budget reductions under Trump’s second-term policies.
While CISA played a critical role in safeguarding critical infrastructure, recent reports suggest that its ability to combat cyberattacks will be significantly weakened as funding shifts toward other priorities.
Cybersecurity researcher Brian Krebs reports that the Trump administration has already fired at least 130 employees at CISA, including “staff dedicated to securing U.S. elections, and fighting misinformation and foreign influence operations.”
He and other prominent security analysts warn that defunding CISA could lead to gaps in national cyber defense, exposing federal agencies, private businesses, and even individuals to higher risks of cyberattacks.
Previous attempts to weaken cybersecurity protections in government agencies have resulted in massive data breaches, ransomware attacks, and exploitation by foreign intelligence groups.
DOGE ‘s CISA Cutbacks Raise Alarms
Beyond federal cybersecurity cutbacks, consumer protections related to data security, financial fraud, and privacy regulations are also being scaled back. Key regulatory agencies responsible for enforcing digital protections are either losing oversight authority or having their enforcement powers reduced.
This shift mirrors previous deregulation efforts that made it easier for corporations to collect and use consumer data with fewer restrictions.
The rollback of consumer protections has drawn comparisons to previous administrations’ attempts to deregulate digital industries, which often resulted in increased fraud, data breaches, and weakened online privacy protections.
While agencies like CISA are losing funding, another organization—DOGE—is expanding its influence over federal cybersecurity and financial oversight. Originally positioned as a government efficiency initiative, DOGE has now assumed responsibilities that traditionally fell under CISA and other national security-focused agencies.
This shift has led to growing unease among cybersecurity experts and federal officials, who warn that DOGE operates with less oversight, fewer regulatory checks, and a hiring process that has raised serious security concerns.
With CISA’s authority being scaled back and DOGE growing in influence, concerns are mounting about who is now overseeing federal cybersecurity—and whether the U.S. is creating internal security vulnerabilities that could be exploited by cybercriminals or foreign adversaries.
While the budget cuts to CISA and the rollback of consumer protections have alarmed experts, another development has fueled even greater concerns: DOGE’s hiring practices.
Investigations have revealed a pattern of questionable recruitment, with key personnel linked to extremist online networks and even former foreign intelligence figures.
Who Is Running The Show: Questionable DOGE Hires
While CISA’s funding and enforcement power shrink, DOGE has been quietly absorbing cybersecurity oversight responsibilities, including access to financial and national security systems. This shift has led to concerns from experts who argue that DOGE is operating with little to no external oversight.
Unlike traditional security agencies like CISA, the FBI, or the NSA, DOGE has been granted access to critical government data without the same level of scrutiny, background checks, or operational transparency. Reports indicate that DOGE staff members have gained access to key Treasury and IRS systems, prompting internal resistance within the government.
The expansion of DOGE’s authority has triggered pushback from within federal agencies, with officials questioning whether security clearance procedures are being bypassed to place politically aligned or ideologically motivated individuals in key cybersecurity roles.
A major point of contention regarding DOGE’s staffing practices is the hiring of individuals with ties to ‘The Com’, an online network associated with doxing, cyber harassment, and extremist digital campaigns.
According to investigative reporting, multiple DOGE hires previously engaged in activities linked to ‘The Com’, raising concerns about the integrity of the agency’s recruitment process.
Earlier this week, personnel from Elon Musk’s Department of Government Efficiency (DOGE) gained access to CISA’s email systems and networked files, marking a significant shift in control over the agency’s digital infrastructure.
Among the DOGE staff granted access was Edward “Big Balls” Coristine, a 19-year-old with past involvement in “The Com”—a loosely connected network of Discord and Telegram channels known for facilitating cybercriminal activities. (Wikipedia provides a list of known DOGE employees)
Investigative journalist Jacob Silverman reports that Coristine is the grandson of Valery Martynov, a KGB double agent who spied for the United States. Silverman’s findings detail how Martynov’s wife, Natalya Martynova, relocated to the U.S. with their two children after his death.
Another DOGE member, Christopher Stanley, previously held roles as senior director for security engineering at X and principal security engineer at SpaceX, both under Elon Musk’s leadership. At 33, Stanley is no stranger to online notoriety—he briefly gained attention on Twitter in 2015 after leaking the user database of LizardStresser, a DDoS-for-hire service. The exposure of this information led to serious backlash, including threats of physical violence against his family.
Cybersecurity expert Bruce Schneier is calling DOGE’s purge “a National cyberattack”, saying:
“But the most alarming aspect isn’t just the access being granted. It’s the systematic dismantling of security measures that would detect and prevent misuse—including standard incident response protocols, auditing, and change-tracking mechanisms—by removing the career officials in charge of those security measures and replacing them with inexperienced operators.
The Treasury’s computer systems have such an impact on national security that they were designed with the same principle that guides nuclear launch protocols: No single person should have unlimited power. Just as launching a nuclear missile requires two separate officers turning their keys simultaneously, making changes to critical financial systems traditionally requires multiple authorized personnel working in concert.”
Jacob Williams, a former hacker with the U.S. National Security Agency who now works as managing director of the cybersecurity firm Hunter Labs, warned on LinkedIn that DOGE’s actions were “a bigger threat to U.S. federal government information systems than China”, because of the CIA triad, a guiding model in information security based on Confidentiality, Integrity, and Availability. He writes:
“In prior intrusions into federal IT systems, China has only ever been reported as targeting confidentiality. This makes sense – anything else would likely be treated as an act of war. Even on the confidentiality front, China had to trickle data out of the network. Bulk exfil is how you get caught pretty much anywhere. […] But my concerns with DOGE are primarily around integrity and availability. I should be clear that I don’t think anyone at DOGE would intentionally harm the integrity and availability of these systems.
But – and this is key – it’s widely reported (and not denied) that DOGE introduced code changes into multiple federal IT systems. These code changes are not following the normal process for vetting and review given to federal government IT systems. I know this because government IT doesn’t move at this pace with production systems. Separately, I’ve got friends in federal government IT who are saying so back-channel (not publicly under their own names for obvious fear of retaliation).”
Federal Agencies Push Back Against DOGE’s Influence
As concerns over DOGE’s hiring practices and expanding authority grow, several federal agencies have started imposing internal restrictions to curb the agency’s unchecked power. The IRS, in particular, has moved to limit DOGE-affiliated personnel from accessing taxpayer data, following internal objections from career officials who warned of security vulnerabilities and potential misuse.
According to official IRS documents, restrictions were placed on a Musk-linked DOGE recruit, who was initially granted access to federal tax systems. The restriction states, according to The New York Times:
“Should access to I.R.S. systems that contain returns or return information become necessary as part of the detailee’s duties under this agreement, that access shall only be provided if it is anonymized and in a manner that cannot be associated with, directly or indirectly, any taxpayer.”
The IRS decision, which effectively blocks DOGE’s unrestricted access to sensitive taxpayer records, marks one of the first documented instances of government resistance to the agency’s growing influence. However, it remains unclear how much oversight other agencies are implementing, and cybersecurity watchdogs are warning that the risks extend beyond just financial data.
Lawmakers and Watchdog Groups Demand Accountability
With internal agency resistance building, lawmakers and independent watchdog organizations are calling for immediate oversight measures to review DOGE’s hiring practices and security protocols. Several congressional committees are reportedly considering an investigation into how DOGE recruits personnel and whether its hiring choices violate standard federal security protocols.
- The House Science, Space, and Technology Committee has raised concerns about DOGE’s involvement with NASA and potential conflicts of interest.
- The Senate Select Committee on Intelligence, led by Vice Chairman Mark R. Warner and other members, is investigating the risks to national security posed by unvetted DOGE staff accessing classified and sensitive government materials.
- The Senate Homeland Security and Governmental Affairs Committee, led by Ranking Member Gary Peters and colleagues, is calling for an immediate pause on DOGE activities in federal agencies due to potential violations of ethics, national security, and privacy laws.
- The House Oversight Subcommittee on Delivering on Government Efficiency held a hearing focused on DOGE’s activities and Elon Musk’s involvement in the executive branch.
Multiple cybersecurity-focused policy groups like The Stanford Center for Internet and Society and The Center for Democracy & Technology have also released statements urging Congress to impose stricter oversight on DOGE, with some even advocating for a temporary suspension of its expanded authority until full security reviews can be conducted.
As pushback against DOGE intensifies, the agency’s ability to maintain its unchecked influence may face growing resistance. With CISA’s power diminished and watchdog groups ramping up scrutiny, the focus will likely shift to whether legislative action can impose proper oversight before security vulnerabilities turn into real-world crises.
The controversy surrounding DOGE’s hiring and its role in cybersecurity governance is far from over. While federal agencies like the IRS have started imposing limits, larger questions remain about how far DOGE’s unchecked authority extends—and whether it will be reined in before lasting damage is done.
